Researchers from Israeli cybersecurity company Check Point has uncovered vulnerabilities on the popular OKCupid dating app, the company announced on Wednesday.
The dating site, has had over 50 million registered users since its launch, builds personal profiles for all its users, so that it can find the best matches based on each user's personal information.
However, these detailed personal profiles are also "highly prized" by hackers, Check Point researchers said, adding that, “they’re the ’gold standard’ of information either for use in targeted attacks, or for selling on to other hacking groups, as they enable attack attempts to be highly convincing to unsuspecting targets.”
As such, Check Point researchers have found numerous vulnerabilities that could have allowed cyber hackers to:
- Expose users’ sensitive data stored on the app.
- Perform actions on behalf of the victim.
- Steals users’ profile and private data, preferences and characteristics.
- Steals users’ authentication token, users’ IDs, and other sensitive information such as email addresses.
- Send the data gathered to the attacker’s server.
Check Point said it has informed OKCupid developers about the vulnerabilities exposed in its research and said "a solution was responsibly deployed to ensure its users can safely continue using the OKCupid app."
In turn, OKCupid were quick to respond, reassuring users that no personal information was compromised as a result of the vulnerabilities.
In a statement the dating app company said: "Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We’re grateful to partners like Checkpoint who with OkCupid, put the safety and privacy of our users first.”